ByteGain GDPR FAQ

What is GDPR?

The General Data Protection Regulation (GDPR) is a new European Union privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive 95/46/EC and will apply a single data protection law throughout the EU.

ByteGain has taken steps to ensure that it will be compliant with the GDPR by May 25, 2018.

What has ByteGain done to comply with GDPR?

ByteGain has conducted an extensive analysis of its data collection and processing to ensure it complies with the new requirements of the GDPR.

ByteGain is also providing a GDPR API callable by customers, to perform certain GDPR actions, such as data deletion, data and access log retrieval.

What is ByteGain’s role under GDPR?

ByteGain acts as both data controller and data processor under the GDPR.

What personal data does ByteGain collect and store from its customers?

As a data controller ByteGain collects and stores information voluntarily given by its customers, such as contact information (name, company name, email address, phone number and/or physical address) when customers sign up for its services. ByteGain may also collect and log information such as customer IP address for purposes such as but not limited to spam prevention and fraud detection.

As a data processor, when customers use its services, ByteGain will collect and store end user activity streams from web browsers and mobile devices. This is necessary in order for ByteGain to be able to provide its services, to train machine learning models and to provide predictive analytics to its customers.

How can customers and end users perform GDPR actions on their data?

Customers can request, on behalf of their users, certain actions on the user data (delete, retrieve data, retrieve access log, block data collection). Customers can interact with ByteGain via its GDPR API. Each customer request will be authenticated. It is the responsibility of the customer to retry API requests that may initially fail.

Customers can also request all their data, including contact information and data collected for the customers’ end users, be deleted from the ByteGain systems.

How long does ByteGain take to process GDPR requests?

GDPR API requests are asynchronous and may take up to 30 days to be processed. ByteGain will notify its customers when requests are fulfilled.

What is ByteGain’s default data retention policy?

End user data collected by ByteGain will be securely stored for an indefinite length of time or until a customer requests such data be deleted.

Artifact data generated during normal data processing activities, such as machine learning model training, will have a default retention policy of 180 days.

Which third party processors does ByteGain use?

For data storage and processing, ByteGain uses the Google Cloud Platform (GCP) and Amazon Web Services (AWS). ByteGain makes every effort to implement best security practices on these platforms to ensure the security and privacy of customer and end user data.

ByteGain may also use other processors such as payment processors,analytics services and marketing services to inform and market new services to its customers.

Which policies are customers required to review and accept?

Before using ByteGain services, customers are required to review and accept: